Introduction
There’s no doubt that organizations around the globe are investing in security orchestration, automation and response (SOAR) solutions. While today less than 1% of large enterprises use SOAR technologies, by 2020 15% of organizations with a security team of more than five are expected to leverage these tools.
Consolidating Disparate Security Tools
To effectively counter the different types of cyber threats and attack vectors, organizations acquire or subscribe to multiple security tools or services: SIEM, EDR, threat intelligence services, anti-malware, sandboxing solutions and many others. SOAR solutions bring together individual security tools in a way that allows SOC teams to orchestrate and manage them more efficiently from a single platform.
Why Enterprises Implement SOAR
Given that we are still early in the adoption of SOAR, there isn’t a set roadmap for success in implementing these solutions. After talking with dozens of companies embarking on SOAR projects, we’ve been able to identify what can set your organization up for success and the pitfalls to avoid.
Making Up For Security Staff Shortages
Organizations already know they have to deal with the cybersecurity talent gap, a problem that seems to be worsening every year. ESG’s research finds the shortage has been growing steadily since 2014. Enterprise SOCs typically have job requisitions open for analysts of all levels that take months to fill, and finding experienced analysts is the toughest.
Improve Incident Response Processes
Teams can handle alerts and resolve issues faster, more effectively and with a greater degree of consistency if they follow a documented, codified set of processes. This can be achieved by leveraging the playbooks inherent in SOAR solutions to document tribal knowledge and ensure processes are executed the same way every time across the SOC.
SOAR Implementation Pitfalls To Avoid
Now that we’ve taken a peek at the main reasons why organizations embark on SOAR projects, it’s time to discuss the common missteps that can keep you from realizing the full potential of a SOAR solution.
Trying To Automate Everything
With so many manual processes and staff in short supply, it can be tempting to go all in on security automation. After all, there is no shortage of articles about its ability to alleviate the overload experienced by today's SOCs.
If you’re just starting out, identify processes that are prime candidates for automation and implement SOAR in those areas first. From there you can determine how to continue forward on the automation component of your journey.
Incident Response Processes - 'Set It & Forget It'
You can’t get everything right the first time. Even if you’ve devoted a lot of time and energy to designing a particular incident response playbook, there’s still a good chance it won’t turn out to be perfect. Besides, the tactics, techniques and procedures (TTPs) of cyber threats evolve with time. Thus, you need to adapt and incorporate changes accordingly.
Conclusion
SOAR holds the promise of driving process improvement, increasing efficiency and maximizing effectiveness for enterprise SOCs. As such, as you embark upon a SOAR implementation project, be sure to be clear on how it can best enable your team to maximize the use of the security tools you already have, empower your existing team and inject new structure to your processes and techniques.